• by John F. Marshall , August 24, 2006

To combat click fraud, take a page from airport security

Advertisers face a range of choices when they have reason to suspect click fraud in their pay-per-click (PPC) campaigns. Navigating the realm of detection and refund options is much easier when we have a grasp on how and why click fraud happens.

Click fraud happens when PPC ads are clicked with the purpose of illegitimate gain rather than interest in the advertised product/service. The fraudster might gain by clicking on competing ads until he hits a maximum daily limit and goes offline. In another scenario, the fraudster simulates click activity on ads hosted on his own Web page and receives revenue for each click from the PPC engine. The latter is by far the most common form of click fraud, and it's getting worse due to the growing number of automated bots that click ads on behalf of their masters.

 >Airport Security. The situation is analogous to airport security. Almost all air passengers are good people, with a tiny number of bad guys. How to separate one group from the other?

The airport's solutions include metal detectors and X-rays, which look for signs commonly associated with bad behavior, such as carrying sharp items or dangerous metal objects onto the plane. You may have noticed, though, that even with very sophisticated technology, a few good guys still trigger alarm bells. These false positives are actually a good thing. They mean the threshold for detection is set comparatively low, which triggers some false positives. They're better than the alternative, false negatives, which mean that bad guys with dangerous objects can get on the plane.

Detecting click fraud is very similar. The vast majority of campaigns are fine, but a small number will perform poorly and cost a lot. But without automated tools, the suspect campaigns are difficult to locate quickly. To make matters worse, ROI isn't a good enough detection method, because the sales cycle for any significant product is several weeks and not all revenue is tracked. Fraud can easily run out of control during this time.

 >Current Technology. New automated tools can examine campaigns at and after the click, and then look for red flags: unusual patterns in average time on the site, behavioral attributes related to pages viewed, or sudden surges in campaign costs. The tools layer on advanced statistical techniques to establish a mean and then report variances from that baseline.

 >Recovering Costs. Applying for a refund requires forensic evidence. An automated tool can help enormously by producing a list of dubious sessions, flagged with the reason they appear suspicious. A complete request for refund should include a claim for the estimated amount paid for fraudulent clicks and all logged visitor activity shortly before, during, and after the suspicious clicks. Visitor activity reports should include:

• Ad description and landing page with all parameters.
• Date and time of each click from the ad.
• Visitor's Internet address.
• Country of origin for each visitor.
• All referring site information for each click.

Finally, good old-fashioned server log files are the best source of data for click fraud detection. Fraud robots are adept at slipping beneath the wire of JavaScript (or tagged) data collection, but they can't escape log files. Furthermore, log files can reveal fraudulent activity from the past, and this is the best source for proving what happened at and after the click. 

John Marshall is the CEO and founder of ClickTracks. (jmarshall@clicktracks.com)